Path Traversal — Server-side vulnerabilities

9 months ago

AK

So-called directory traversal (also known as path traversal) allows an attacker to read, or sometimes write, files that they are not supposed to have access to. Let's have a look at how it is performed!!!

Lab 1: File path traversal

This lab contains a path traversal vulnerability in the display of product images. To solve the lab, retrieve the contents of the /etc/passwd file.

Vulnerable website

To perform path traversal you need to install the Burp Suite tool from PortSwigger.

Our goal is to read the contents of the /etc/passwd file. To get there we need to traverse to that specific directory, but how? On the website above we can see a lot of shopping items displayed; click any one of them and watch the change in the URL section.

# Before
https://www.web-security-academy.net/

# After
https://www.web-security-academy.net/product?productId=1

Now we can see a productId parameter. This is where the server side of things comes in, so let's get a bit of insight into it. The "productId=1" here specifies the item number that is mapped to the details of that specific product. If the parameter input is not validated, we may be able to traverse the file directory.

https://www.web-security-academy.net/product?productId=/etc/passwd

Oops!!! That does not work, so let's come back to how the files are laid out on the server.

The web hosting structure and its metadata/images are stored on disk in the location /var/www/images/, so we need to traverse backwards to reach the root directory. In this case the server is Linux, so we use "../" three times ("../../../") to climb from the images folder back up to the root folder.

Now try to open an image from the product description.

https://www.web-security-academy.net/image?filename=27.jpg

Here you can see "filename" as a parameter, which takes an image name as input. Try the mechanism described above on it.

https://www.web-security-academy.net/image?filename=../../../etc/passwd

Now you have successfully traversed to, and read, the contents of the /etc/passwd file.

Output for the /etc/passwd file
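To show why the filename parameter above is exploitable and what the server should have done instead, here is an added Python example (not the lab's own code; only the /var/www/images directory comes from the write-up). It puts the naive path join beside a hardened version that resolves the candidate path and keeps it only if it is still inside the image directory, which rejects both the "../../../etc/passwd" and the absolute "/etc/passwd" inputs tried above.

```python
import posixpath

# Directory the lab serves product images from (taken from the write-up).
IMAGE_ROOT = "/var/www/images"


def vulnerable_image_path(filename: str) -> str:
    """Unsafe: glue the user-supplied filename onto the image directory.

    '../' segments walk out of IMAGE_ROOT, and an absolute filename makes
    posixpath.join discard IMAGE_ROOT entirely.
    """
    return posixpath.normpath(posixpath.join(IMAGE_ROOT, filename))


def safe_image_path(filename: str):
    """Hardened: resolve the path, then confirm it is still under IMAGE_ROOT.

    Returns the resolved path, or None when the request must be refused.
    normpath is a pure string operation, so this runs without a filesystem;
    a real server should resolve with os.path.realpath so symlinks are
    followed before the containment check.
    """
    candidate = posixpath.normpath(posixpath.join(IMAGE_ROOT, filename))
    # commonpath (not str.startswith) so a sibling such as
    # /var/www/images_backup does not pass as "inside" /var/www/images.
    if posixpath.commonpath([IMAGE_ROOT, candidate]) != IMAGE_ROOT:
        return None
    # The directory itself is not an image; refuse empty or "." requests.
    if candidate == IMAGE_ROOT:
        return None
    return candidate


if __name__ == "__main__":
    # The filename values used in the write-up, plus a sibling-directory probe.
    for name in ["27.jpg", "../../../etc/passwd", "/etc/passwd",
                 "../images_backup/x.jpg"]:
        print(f"{name!r:28} naive -> {vulnerable_image_path(name)!r:30} "
              f"safe -> {safe_image_path(name)!r}")
```

The naive version resolves "../../../etc/passwd" to /etc/passwd exactly as the lab does, while the hardened version returns None for it and only serves names that stay inside /var/www/images.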